Rogue base stations are used in various applications that involve tracking, eavesdropping and/or collecting information on cellular phones or other mobile communication terminals. Some rogue base stations solicit a tracked terminal to reveal its International Mobile Subscriber Identity (IMSI). Therefore, rogue base stations are commonly referred to as “IMSI catchers.”
Examples of IMSI catching techniques are described, for example, by Strobel in “IMSI Catcher,” Jul. 13, 2007, by Asokan et al., in “Man-in-the-Middle Attacks in Tunneled Authentication protocols,” the 2003 Security Protocols Workshop, Cambridge, UK, Apr. 2-4, 2003, and by Meyer and Wetzel in “On the Impact of GSM Encryption and Man-in-the-Middle Attacks on the Security of Interoperating GSM/UMTS Networks,” proceedings of the 15th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, Barcelona, Spain, Sep. 5-8, 2004, pages 2876-2883, which are all incorporated herein by reference.
Several techniques for detecting IMSI catchers are known in the art. For example, the Open Source Mobile Communication Base Band (OsmocomBB), or Open Source GSM Baseband project, supports free software that can be uploaded to a mobile phone. The program configures a cellular phone to detect and report to the subscriber when the phone is being tracked by an IMSI catcher. Nethawk Oyj (Oulu, Finland) offers a product called Nethawk-C2 that performs cell scanning and IMSI catcher detection.
U.S. Pat. No. 8,351,900, whose disclosure is incorporated herein by reference, describes techniques for detecting a rogue base station. A disclosed method receives signaling messages by a mobile apparatus at least from one base station of a cellular network, interprets a received signaling message, searches for an anomaly with at least one signaling parameter of the received signaling message from a first base station to a known comparison signaling parameter, and gives an alert if the comparison gives an unequal result concerning at least one signaling parameter.